Lucene search
HistoryMar 20, 2024 - 1:15 p.m.
CVE-2024-1801
cve-2024-1801
progress telerik reporting
insecure deserialization
code execution
vulnerability
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
8.4 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.4%
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Telerik Reporting",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2024 Q1 (18.0.24.130)",
"status": "affected",
"version": "Q1 2007",
"versionType": "semver"
}
]
}
]Related
nvd
nvd
CVE-2024-1801
2024-03-20 13:15:14
cvelist
cvelist
CVE-2024-1801 Progress Telerik Reporting Local Deserialization Vulnerability
2024-03-20 13:12:34
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
8.4 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.4%
Related for CVE-2024-1801